CVE-2025-55154NVD

Vulnerability Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

Severity Level

HIGH(8.8)

Published Date

Aug 13, 2025

Last Modified

Sep 3, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-190: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82
https://goo.gle/bigsleep

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-55154NVD

Vulnerability Summary

External References